package com.easy.cloud.web.component.core.constants;

/**
 * @author GR
 * @date 2021-3-29 16:50
 */
public class SecurityConstants {

    /**
     * 源
     */
    public static final String ORIGIN = "origin";

    /**
     * 内部源
     */
    public static final String INNER_ORIGIN = "inner";

    /**
     * Security Redis 前缀
     */
    public static final String COMPONENT_SECURITY_REDIS_PREFIX = "easy_cloud:components:security:";

    /**
     * Security Token 前缀
     */
    public static final String COMPONENT_SECURITY_REDIS_TOKEN_PREFIX =
            COMPONENT_SECURITY_REDIS_PREFIX + "token:";

    /**
     * sys_oauth_client_details 表的字段，不包括client_id、client_secret
     */
    public static final String CLIENT_FIELDS =
            "client_id, CONCAT('{noop}',client_secret) as client_secret, resource_ids, scope, "
                    + "authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, "
                    + "refresh_token_validity, additional_information, autoapprove";

    /**
     * JdbcClientDetailsService 查询语句
     */
    public static final String BASE_FIND_STATEMENT = "select " + CLIENT_FIELDS
            + " from auth_client_details";

    /**
     * 默认的查询语句
     */
    public static final String DEFAULT_FIND_STATEMENT = BASE_FIND_STATEMENT + " order by client_id";

    /**
     * 按条件client_id 查询
     */
    public static final String DEFAULT_SELECT_STATEMENT =
            BASE_FIND_STATEMENT + " where client_id = ?";

    /**
     * Security Jwt token 签名
     */
    public static final String JWT_TOKEN_SIGNING_KEY = "easy.cloud.jwt.secret";
    /**
     * Security Client secret
     */
    public static final CharSequence SECURITY_CLIENT_SECRET = "easy.cloud.client.secret";

    /***************************************认证用户信息增强KEY**********************************/
    public static final String AUTHORIZATION_USER_ID = "user_id";
    public static final String AUTHORIZATION_USER_NAME = "user_name";
    public static final String AUTHORIZATION_USER_CHANEL = "channel";
    public static final String AUTHORIZATION_USER_TENANT = "tenant";

    /**
     * 第三方授权登录前缀，切记：不可随意更改，必须满足格式/oauth/token/*,否则单体部署服务时，会出现无法获取正常访问SocialUserAuthenticationFilter过滤器的问题
     * <p>原因：当进行单体服务部署时，Oauth的过滤链会出现三条，分别为：OrRequestMatcher、NotOAuthRequestMatcher（属于资源服务器）、AnyRequestMatcher，正常情况下，
     * Oauth推荐认证服务必须与资源服务分开，所以导致单体服务运行时，会出现NotOAuthRequestMatcher过滤链（重点类：FilterChainProxy），
     * 所以在根据request进行匹配过滤链时，因顺序问题，会被NotOAuthRequestMatcher过滤链拦截，而SocialUserAuthenticationFilter
     * 过滤器位于AnyRequestMatcher过滤链中，导致无法正常匹配到对应的过滤器，导致无法执行正常流程</p>
     */
    public static final String SOCIAL_TOKEN_URL_PREFIX = "/oauth/token/social";
    /**
     * 资源服务器默认bean名称
     */
    public static final String RESOURCE_SERVER_CONFIGURER = "resourceServerConfigurerAdapter";

    /**
     * 角色前缀
     */
    public static final CharSequence ROLE_PREFIX = "role_";
}
